AUTH-1 Single Sign On (SSO)

What is this control about?

This is a best-practice recommendation for critical systems, not a requirement, so do not panic if you don’t have SSO implemented on all your systems.

The mandatory control is that a unique username and password are required to authenticate to any system, program, or data.

Having SSO is industry best practice and enhances the protection mechanism, but that decision remains at the discretion of each organization.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them. 

Authentication Tools
Azure AD

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

  • N/A – no template recommendations

Control implementation

Implement SSO configuration settings on each system, especially critical systems. As noted in the above section, this is not mandatory.

What evidence do auditors look for?

Most auditors are looking, at a minimum, for the suggested action below:

  • Upload a screenshot of the configuration settings that shows SSO enabled for all users.

Note: This control is automated by TrustCloud. Connect your system to enjoy the benefit of automation.

Evidence example

From the suggested action above, an example is provided below.

  1. Upload a screenshot of the configuration settings that shows Single Sign On (SSO) enabled for all users.

There are many different ways to show this:

[Images: AUTH 1 screenshot1, AUTH 1 screenshot2, AUTH 1 screenshot3]
